Threat Intelligence Blog

Weekly Threat Intelligence Brief: November 28, 2017

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.

Technology

“The revelation that Uber concealed a major 2016 data breach affecting 57 million users and paid hackers to destroy the evidence is yet another PR nightmare from Uber’s darkest era, but it’s also a major problem when it comes to state laws around data breach disclosure practices. In light of Bloomberg’s report, the office of New York State Attorney General Eric Schneiderman confirmed to TechCrunch that it has opened an investigation into the incident.

The new investigation won’t be the first time that Uber has tangled with Schneiderman. Flaunting laws over the course of its aggressive pursuit of growth, Uber often ran into conflict with city and state legal authorities, and New York is no exception. The company reached a settlement with Schneiderman’s office in January 2016 over its abuse of private data in a rider-tracking system known as “God View” and its failure to disclose a previous data breach that took place in September 2014 in a timely manner.

As a result of the settlement, Uber was required to encrypt the geodata of its riders, employ a multi-factor authentication system to verify the identity of anyone accessing rider data and make other standard security enhancements to protect consumer privacy. Uber also agreed to pay a $20,000 fine for its failure to disclose the data breach. The FTC was reached for comment about how it planned to handle news of the new Uber data breach, but the agency replied that it did not have a comment at this time. Earlier this year, Uber settled with the FTC around the “God view” tool and its failure to protect the private data of consumers in a previous data breach. Uber agreed to 20 years of privacy and security auditing as a result of the FTC settlement.”

Operational Risk

“Several popular antivirus products are affected by a type of vulnerability that allows an attacker to escalate privileges on a compromised system by abusing the quarantine feature, a researcher warned on Friday. Once an attacker hacks into a system, they might need to somehow obtain higher privileges in order to access information that would allow them to move laterally within the network.

An information security auditor at an Austria-based security firm claims to have discovered a new way to achieve this: abusing the quarantine feature of some antiviruses. The attack method, dubbed by the researcher AVGater, relies on a combination of flaws and known techniques. According to the researcher, an attack starts with a malicious DLL file being placed into quarantine by the antivirus software.”

Defense

“Monday’s announcement that the United States would label North Korea a “state sponsor of terrorism” may see a heated response from Pyongyang. Most of the discussion about potential war scenarios has focused on North Korea’s formidable ground force (the fourth largest in the world), its 11,000 pieces of artillery threatening Seoul, and its emerging nuclear capability, but there’s another threat: Pyongyang’s rapidly expanding cyber-capabilities.

North Korea’s 3,000 to 6,000 hackers and the 10 to 20 percent of its military budget going toward online operations mean the country’s cyberthreat to the United States stands only behind that of China, Russia and Iran. Though it may appear as if North Korea has the cyber-upper hand, the regime is unlikely to successfully employ cyberattacks in tandem with conventional military operations, for three reasons: China is North Korea’s primary Internet provider; despite its limited connectivity, North Korea still fears retaliation; synchronization of cyber and military operations is difficult.”

Insurance + Healthcare

“The House Committee on Energy and Commerce is asking the Department of Health and Human Services to require that manufacturers list the components and materials used in medical equipment as one way of helping ensure these devices are safe from cyberattacks.

In a letter to HHS Acting Secretary Eric Hargan on behalf of the entire committee, Rep. Greg Walden, R-Ore., cites the WannaCry and NotPetya attacks made earlier this year as examples of malware that could have been defeated if hospitals and equipment vendors had a better idea of what components were used in their manufacture.”